@synkro-sh/cli 1.4.39 → 1.4.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/bootstrap.js +30 -30
  2. package/dist/bootstrap.js.map +1 -1
  3. package/package.json +1 -1
package/dist/bootstrap.js CHANGED
@@ -520,11 +520,13 @@ synkro_load_config() {
520
520
  SYNKRO_RULES=$(echo "$resp" | jq -c '[.rules[]? | select(.hook_stage == "pre" or .hook_stage == "both" or .hook_stage == null) | {rule_id,text,severity,category,mode}]' 2>/dev/null || echo "[]")
521
521
  }
522
522
 
523
- # Build the tag prefix for system messages: [synkro] or [synkro:PolicyName] or [synkro:silent]
523
+ # Build the tag prefix: [synkro:route:ruleset] or [synkro:silent]
524
+ # Accepts optional $1 = route override; otherwise calls synkro_route().
524
525
  synkro_tag() {
525
526
  if [ "$SYNKRO_SILENT" = "true" ]; then echo "[synkro:silent]"; return; fi
526
- if [ -n "\${SYNKRO_POLICY_NAME:-}" ]; then echo "[synkro:\${SYNKRO_POLICY_NAME}]"; return; fi
527
- echo "[synkro]"
527
+ local route="\${1:-$(synkro_route)}"
528
+ local rs="\${SYNKRO_POLICY_NAME:-all}"
529
+ echo "[synkro:\${route}:\${rs}]"
528
530
  }
529
531
 
530
532
  # Decide routing: "local" (grade on device) or "cloud" (POST to server)
@@ -750,20 +752,19 @@ IS_HEADLESS="\${SYNKRO_HEADLESS:-0}"
750
752
  case "$PERMISSION_MODE" in acceptEdits|bypassPermissions|plan|auto) IS_HEADLESS="1" ;; esac
751
753
 
752
754
  synkro_load_config
753
- TAG=$(synkro_tag)
755
+ ROUTE=$(synkro_route)
756
+ TAG=$(synkro_tag "$ROUTE")
754
757
 
755
758
  if [ "$SYNKRO_SILENT" = "true" ]; then
756
759
  jq -n --arg m "$TAG bashGuard \u2192 skipped (silent mode)" '{systemMessage: $m}'
757
760
  exit 0
758
761
  fi
759
762
 
760
- ROUTE=$(synkro_route)
761
-
762
763
  if [ "$ROUTE" = "local" ]; then
763
764
  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
764
765
  GRADER_FILE=$(mktemp -t synkro-bash.XXXXXX)
765
766
  trap "rm -f \\"$GRADER_FILE\\"" EXIT
766
- printf 'Working directory: %s\\nRepo: %s\\nCommand: %s\\nUser intent: %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
767
+ printf 'Working directory: %s\\nRepo: %s\\nCommand: %s\\nUser intent (last human message): %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$COMMAND" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
767
768
 
768
769
  CC_RESP=$(synkro_local_grade bash < "$GRADER_FILE" 2>&1)
769
770
  if [ $? -ne 0 ]; then
@@ -784,10 +785,9 @@ if [ "$ROUTE" = "local" ]; then
784
785
  synkro_dispatch_capture "bash" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
785
786
  "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
786
787
  else
787
- if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
788
- REASON="$TAG bashGuard \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
789
- jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
790
- '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
788
+ REASON="$TAG bashGuard \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
789
+ jq -n --arg reason "$REASON" \\
790
+ '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
791
791
  synkro_dispatch_capture "bash" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
792
792
  "$COMMAND" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "\${RECENT_USER_MESSAGES:-[]}"
793
793
  fi
@@ -947,20 +947,19 @@ if [ -n "$TRANSCRIPT_PATH" ] && [ -f "$TRANSCRIPT_PATH" ]; then
947
947
  fi
948
948
 
949
949
  synkro_load_config
950
- TAG=$(synkro_tag)
950
+ ROUTE=$(synkro_route)
951
+ TAG=$(synkro_tag "$ROUTE")
951
952
 
952
953
  if [ "$SYNKRO_SILENT" = "true" ]; then
953
954
  jq -n --arg m "$TAG editGuard \u2192 skipped (silent mode)" '{systemMessage: $m}'
954
955
  exit 0
955
956
  fi
956
957
 
957
- ROUTE=$(synkro_route)
958
-
959
958
  if [ "$ROUTE" = "local" ]; then
960
959
  # \u2500\u2500\u2500 Local grading (local_only privacy or local-cc channel) \u2500\u2500\u2500
961
960
  GRADER_FILE=$(mktemp -t synkro-edit.XXXXXX)
962
961
  trap "rm -f \\"$GRADER_FILE\\"" EXIT
963
- printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent: %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
962
+ printf 'Working directory: %s\\nRepo: %s\\nFile: %s\\nProposed content (first 4000 chars):\\n%s\\nUser intent (last human message): %s\\nOrg rules: %s\\n' "\${CWD:-.}" "\${GIT_REPO:-unknown}" "$FILE_PATH" "$(printf '%s' "$PROPOSED" | head -c 4000)" "\${USER_INTENT:-none stated}" "\${SYNKRO_RULES:-[]}" > "$GRADER_FILE"
964
963
 
965
964
  CC_RESP=$(synkro_local_grade edit < "$GRADER_FILE" 2>&1)
966
965
  if [ $? -ne 0 ]; then
@@ -982,10 +981,9 @@ if [ "$ROUTE" = "local" ]; then
982
981
  synkro_dispatch_capture "edit" "warning" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
983
982
  "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
984
983
  else
985
- if [ "$IS_HEADLESS" = "1" ]; then DEC="deny"; else DEC="ask"; fi
986
- REASON="$TAG editGuard $FILE_SHORT \u2192 block\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}"
987
- jq -n --arg dec "$DEC" --arg reason "$REASON" --arg ctx "$REASON" \\
988
- '{hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:$dec,permissionDecisionReason:$reason,additionalContext:$ctx}}'
984
+ REASON="$TAG editGuard $FILE_SHORT \u2192 blocked\${LOCAL_RULE_ID:+ ($LOCAL_RULE_ID)}: \${LOCAL_REASON:-policy violation}. Ask the user for explicit consent before retrying."
985
+ jq -n --arg reason "$REASON" \\
986
+ '{systemMessage:$reason,hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"deny",permissionDecisionReason:$reason,additionalContext:$reason}}'
989
987
  synkro_dispatch_capture "edit" "block" "\${LOCAL_SEV}" "\${LOCAL_CAT}" "$TOOL_NAME" "$GIT_REPO" "$SESSION_ID" \\
990
988
  "$EDIT_CONTENT" "$LOCAL_REASON" "\${SYNKRO_RULES:-[]}" "$VIOLATED_JSON" "[]"
991
989
  fi
@@ -1115,14 +1113,13 @@ while [ "$_PKG_DIR" != "/" ]; do
1115
1113
  done
1116
1114
 
1117
1115
  synkro_load_config
1118
- TAG=$(synkro_tag)
1116
+ ROUTE=$(synkro_route)
1117
+ TAG=$(synkro_tag "$ROUTE")
1119
1118
 
1120
1119
  if [ "$SYNKRO_SILENT" = "true" ]; then
1121
1120
  echo '{}'; exit 0
1122
1121
  fi
1123
1122
 
1124
- ROUTE=$(synkro_route)
1125
-
1126
1123
  if [ "$ROUTE" = "local" ]; then
1127
1124
  # \u2500\u2500\u2500 Local edit scan (local_only privacy or local-cc channel) \u2500\u2500\u2500
1128
1125
  GRADER_FILE=$(mktemp -t synkro-escan.XXXXXX)
@@ -1227,15 +1224,14 @@ PLAN_SHORT=$(printf '%s' "$PLAN" | head -c 80)
1227
1224
  synkro_log "planReview checking: $PLAN_SHORT..."
1228
1225
 
1229
1226
  synkro_load_config
1230
- TAG=$(synkro_tag)
1227
+ ROUTE=$(synkro_route)
1228
+ TAG=$(synkro_tag "$ROUTE")
1231
1229
 
1232
1230
  if [ "$SYNKRO_SILENT" = "true" ]; then
1233
1231
  jq -n --arg m "$TAG planReview \u2192 skipped (silent mode)" '{systemMessage: $m}'
1234
1232
  exit 0
1235
1233
  fi
1236
1234
 
1237
- ROUTE=$(synkro_route)
1238
-
1239
1235
  if [ "$ROUTE" = "local" ]; then
1240
1236
  GRADER_FILE=$(mktemp -t synkro-plan.XXXXXX)
1241
1237
  trap "rm -f \\"$GRADER_FILE\\"" EXIT
@@ -1404,12 +1400,12 @@ if [ -n "$JWT" ]; then
1404
1400
  fi
1405
1401
  fi
1406
1402
 
1407
- TAG=$(synkro_tag)
1408
-
1409
1403
  if (exec 3<>/dev/tcp/127.0.0.1/"$SYNKRO_PORT") 2>/dev/null; then
1410
1404
  exec 3<&- 3>&- 2>/dev/null || true
1405
+ TAG=$(synkro_tag "local")
1411
1406
  ROUTE_LINE="$TAG inference: local-cc (channel reachable on 127.0.0.1:$SYNKRO_PORT)"
1412
1407
  else
1408
+ TAG=$(synkro_tag "cloud")
1413
1409
  ROUTE_LINE="$TAG inference: cloud (local-cc channel not reachable)"
1414
1410
  fi
1415
1411
 
@@ -1604,7 +1600,9 @@ CMD_SHORT=$(printf '%s' "$COMMAND" | head -c 80)
1604
1600
  synkro_log "bashGuard checking: $CMD_SHORT"
1605
1601
 
1606
1602
  synkro_load_config
1607
- if [ "$SYNKRO_SILENT" = "true" ]; then echo '{}'; exit 0; fi
1603
+ if [ "$SYNKRO_SILENT" = "true" ]; then
1604
+ echo '{}'; exit 0
1605
+ fi
1608
1606
 
1609
1607
  BODY=$(jq -n \\
1610
1608
  --arg cmd "$COMMAND" \\
@@ -1660,7 +1658,9 @@ BASENAME=$(basename "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
1660
1658
  synkro_log "editGuard checking: $BASENAME"
1661
1659
 
1662
1660
  synkro_load_config
1663
- if [ "$SYNKRO_SILENT" = "true" ]; then echo '{}'; exit 0; fi
1661
+ if [ "$SYNKRO_SILENT" = "true" ]; then
1662
+ echo '{}'; exit 0
1663
+ fi
1664
1664
 
1665
1665
  BODY=$(jq -n \\
1666
1666
  --arg file_path "$FILE_PATH" \\
@@ -3987,7 +3987,7 @@ function writeConfigEnv(opts) {
3987
3987
  `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
3988
3988
  `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
3989
3989
  `SYNKRO_INFERENCE=${shellQuoteSingle(safeInference)}`,
3990
- `SYNKRO_VERSION=${shellQuoteSingle("1.4.39")}`
3990
+ `SYNKRO_VERSION=${shellQuoteSingle("1.4.41")}`
3991
3991
  ];
3992
3992
  if (safeSynkroBin) lines.push(`SYNKRO_CLI_BIN=${shellQuoteSingle(safeSynkroBin)}`);
3993
3993
  if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);